Privacy Policy

Scope   
1.0 This Personal Information Privacy Policy applies to Obidou Health Informatics in Canada, Sage Virtual Mental Health in the USA (heretofore known as 'We'), and their subsidiaries, and to any service providers collecting, using or disclosing personal information on their behalf.

Privacy
1.1  Your anonymity is  preserved because we do not collect your name, email, IP address or other personal information as part of our mental health screening and assessment services. Your anonymous information is then encrypted, transmitted and stored in your home country by our survey tool vendor, Survey Monkey. You can read their privacy policy at https://www.surveymonkey.com/mp/legal/privacy-policy/?ut_source=footer.



We do not offer a direct-to consumer sales channel. We will only use your personal information in order to... 

·      Verify your identity

·      Meet regulatory requirements

 


We only know you by your User ID#.

 

The only one who can connect your mental health information and your name is your care team, and only when you give them permission. You also get to choose who sees what. That's what we call field-level security. 


Consent
2.1 Our consent policy is intended to give you the who, what, where, when, how, risk and benefits of your participation. Our goal is to make sure that you know what you are consenting to, have had time to make an informed decision and the opportunity to ask questions.

 

2.2 Consent can only be provided in writing, electronically or through an authorized representative. 

2.3 There are no cases of implied consent.

2.4 You can withhold or withdraw your consent at any time.

2.5 Refusing or withdrawing consent will not affect your care in any way.


Disclosure
3.1  We will only use or disclose your personal information as mentioned above and only when necessary to fulfill the purposes identified at the time of collection, which would include contacting you to offer you the opportunity to connect to care.

3.2 We may be required to disclose your personal information to third parties when...  

 

  • The disclosure is required by law

  • In an emergency that threatens an individual's life, health, or personal security

  • In any situation where child protection would be warranted

 

3.3 We will not use or disclose your personal information for any additional purpose unless we obtain consent to do so. 

3.4 We will ask you for permission to use, store or disclose information in order to do research, improve the treatments we provide or improve the healthcare system. 

 

3.5 We will not sell your de-identified information without your specific consent and a specific reasonable, mutually agreed upon, financial compensation.​


Retaining Personal Information
4.1  If we use personal information to make a decision that directly affects you, we will retain that information for at least one year, so that you have a reasonable opportunity to request access to it. 

4.2  Subject to policy 4.1, we will retain client, customer, patient personal information only as long as necessary to fulfill the identified purposes above.

 

Accuracy
5.1  We will make reasonable efforts to ensure your personal information is accurate and complete, where it may be used to make a decision about you or disclosed to another organization. 

5.2  Patients may request correction to their personal information in order to ensure its accuracy and completeness.  A request to correct personal information must be made in writing and in sufficient detail to identify the correction being sought. 

5.3  If the personal information is demonstrated to be inaccurate or incomplete, we will correct the information as required and send the corrected information to any organization to which we disclosed the personal information. If the correction is not made, we will note the patients’ correction request in the file. 

 

Security
6.1  We are committed to ensuring the security of client, customer and patient personal information in order to protect it from unauthorized access, collection, use, disclosure, copying, modification or disposal or similar risks. 

6.2  The following security measures will be followed to ensure that patient personal information is appropriately protected, including: 
 

  • physically securing offices where personal information is held

  • the use of user IDs, passwords, encryption, firewalls; restricting employee access to personal information as appropriate (i.e., only those that need to know will have access);

  • contractually requiring any service providers or third parties who requires access, to provide confidentiality agreements or comparable security measures.


6.3  We will use appropriate security measures when destroying patient’s personal information such as shredding documents and permanently deleting electronically stored information. 

6.4  We will continually review and update our security policies and controls as technology changes to ensure ongoing personal information security. 

 


Access
 7.1  Patients have a right to access their personal information, subject to limited exceptions, such as, solicitor-client privilege, disclosure would reveal personal information about another individual, health and safety concerns.

7.2  A request to access personal information must be made in writing and provide sufficient detail to identify the personal information being sought. 

7.3  Upon request, we will also tell patients how we use their personal information and to whom it has been disclosed if applicable. 

7.4  We will make the requested information available within 30 business days, or provide written notice of an extension where additional time is required to fulfill the request. 

7.5  A fee may be charged for providing access to personal information. Where a fee may apply, we will inform the patient of the cost and request further direction from the patient on whether or not we should proceed with the request. 

7.6  If a request is refused in full or in part, we will notify the patient in writing, providing the reasons for refusal and the recourse available to the client, customer, member.

 

Questions and Complaints
8.1  The Privacy Officer or designated individual is responsible for ensuring Obidou Health Informatics’ and Sage Virtual Mental Health's compliance with this policy and the Personal Information Protection Act. 

8.2  Clients, customers, patients should direct any complaints, concerns or questions regarding Obidou Health Informatics’ or Sage Virtual Mental Health's compliance in writing to the Privacy Officer. If the Privacy Officer is unable to resolve the concern, the client, customer, patient may also write to the Information and Privacy Commissioner of British Columbia. 


Obidou Health Informatics’ Privacy Officer
Ms. Astrid Sherman
info@northshoreadhd.com
778-945-2778 (fax)

This website is intended for general guidance only, not as a substitute for detailed research or the exercise of professional  judgment. The information herein provided is on an “as is” basis and Obidou makes no representations or warranties, express or implied. This information is not meant to diagnose, treat or manage any mental health condition. If you are concerned about your mental health, please see your primary care provider or go to the nearest hospital emergency service.